
New Method To Detect and Prove GPL Violations

kdawson posted about 7 years ago | from the marked-at-birth dept.

GNU is Not Unix 218

qwerty writes "A paper to be presented at the upcoming academic conference Automated Software Engineering describes a new method to detect code theft and could be used to detect GPL violations in particular. While the so-called birthmarking method is demonstrated for Java, it is general enough to work for other languages as well. The API Benchmark observes the interaction between an application and (dynamic) libraries that are part of the runtime system. This captures the observable behavior of the program and cannot be easily foiled using code obfuscation techniques, as shown in the paper (PDF). Once such a birthmark is captured, it can be searched for in other programs. By capturing the birthmarks from popular open-source frameworks, GPL-violating applications could be identified."
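The idea in the summary above, as an added example that is not part of the original post and is not the paper's tool: a Python sketch that records the runtime-library calls a function makes while it runs, turns the call sequence into a set of short call n-grams, and scores how much of one program's set reappears in another. The three sample functions, the window size and the containment score are assumptions chosen for illustration; the paper defines its birthmark for Java.

```python
import sys

def api_trace(func, *args):
    """Run func(*args); return (result, names of library calls made by app code)."""
    app_file = func.__code__.co_filename
    calls = []

    def profiler(frame, event, arg):
        # "c_call" fires when a C-implemented (runtime library) function is called.
        # Only calls issued from the application's own source file are recorded.
        if event != "c_call" or frame.f_code.co_filename != app_file:
            return
        name = getattr(arg, "__qualname__", repr(arg))
        if name != "setprofile":          # ignore the tracer switching itself off
            calls.append(name)

    sys.setprofile(profiler)
    try:
        result = func(*args)
    finally:
        sys.setprofile(None)
    return result, calls

def birthmark(trace, k=3):
    """Set of k-long windows over the call sequence (window size is an assumption)."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}

def containment(original_mark, suspect_mark):
    """Fraction of the original's windows that also occur in the suspect."""
    if not original_mark:
        return 0.0
    return len(original_mark & suspect_mark) / len(original_mark)

# --- constructed sample programs: all three compute the three most common words ---

def original(text):
    counts = {}
    for word in text.lower().split():
        word = word.strip(".,")
        counts[word] = counts.get(word, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:3]

def obfuscated(q):
    # original() after renaming, statement splitting and junk arithmetic
    d, j = {}, 7
    s = q.lower()
    for t in s.split():
        j = (j * 31 + 1) % 97             # dead computation, no library calls
        t = t.strip(".,")
        v = d.get(t, 0)
        d[t] = v + 1
    r = sorted(d.items(), key=lambda p: (-p[1], p[0]))
    return r[:3]

def independent(text):
    # same task, written separately with different library calls
    words = text.replace(".", "").replace(",", "").casefold().split(" ")
    tally = []
    for w in set(words):
        tally.append((words.count(w), w))
    tally.sort(key=lambda t: (-t[0], t[1]))
    return [(w, n) for n, w in tally[:3]]

SAMPLE = "The cat saw the dog. The dog saw the cat, the end."  # constructed input

def similarity_to_original(suspect, k=3):
    _, ref = api_trace(original, SAMPLE)
    _, sus = api_trace(suspect, SAMPLE)
    return containment(birthmark(ref, k), birthmark(sus, k))

if __name__ == "__main__":
    for f in (obfuscated, independent):
        print(f.__name__, similarity_to_original(f))
```

All three functions return the same output for the sample, so the output alone cannot tell them apart; the score separates the renamed copy from the separately written version because it looks only at the sequence of library calls.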


218 comments


i'd say it's time (-1)

Anonymous Coward | about 7 years ago | (#20355061)

i actually figured out what the hell GPL is.

And who the fuck might I ask is to spend the time (-1, Troll)

Anonymous Coward | about 7 years ago | (#20355181)


And who the fuck might I ask is to spend the time doing this shit? If you don't want others to fucking use the shit keep the code out of their grubby little hands. I know I don't have the fucking time policing this sort of shit.

Re:And who the fuck might I ask is to spend the ti (1)

ronadams (987516) | about 7 years ago | (#20355307)

Good thing no one asked you to. GPL code is open-source, so "keeping it out of their grubby little hands" is not an option or even wanted. You had probably better come to understand the purpose of the GPL and what a GPL violation is before you post.

Re:i'd say it's time (3, Funny)

maxwell demon (590494) | about 7 years ago | (#20355839)

i actually figured out what the hell GPL is.
Interesting. Up to now I only knew about the GNU GPL and the Affero GPL. I guess the hell GPL differs from the GNU GPL that you have not only to give away your source, but also your soul?

new use of old trick (5, Informative)

toolslive (953869) | about 7 years ago | (#20355077)

I used to be a research assistant, and at university, we used this technique to see if students copied their assignments. They could rename variables, move pieces of text, change comments all the way they liked, but the execution profile stayed the same. We caught a lot of students, and they never figured out how we did it.

Re:new use of old trick (-1, Troll)

stubear (130454) | about 7 years ago | (#20355157)

Sounds to me like you were a crappy teacher then if they couldn't figure this simple method out. Aren't you supposed to be, you know, teaching them stuff like that?

Re:new use of old trick (1)

calebt3 (1098475) | about 7 years ago | (#20355199)

He was a research assistant, not a professor.

Re:new use of old trick (0)

Anonymous Coward | about 7 years ago | (#20355227)

How's the trolling these days? Catching anything?

Re:new use of old trick (4, Insightful)

mark-t (151149) | about 7 years ago | (#20355171)

How did you know they were cheating and didn't derive their similar approaches from a common origin (presumably material that was presented in class or else from the textbook)? My experience with marking for a computer science professor showed that about 80% of the students approached any given programming assignment almost exactly the same way in terms of their final implementation... their common origin being something the teacher described during a lecture.

Re:new use of old trick (5, Interesting)

Just Some Guy (3352) | about 7 years ago | (#20355371)

How did you know they were cheating and didn't derive their similar approaches from a common origin (presumably material that was presented in class or else from the textbook)?

Amen to that. This is an old story, but I think it bears repeating. A friend of mine and I got "caught" turning in identical code for an assignment. I mean, identical. Same structures, variables, types, layout - everything. However, we wrote our programs separately and never saw each others' until our teacher asked about it.

It sounds improbable, but consider that:

  1. We both directly transcribed variable names from the homework assignment. A sentence like "it is a fatal error condition for the user to specify a negative number of tasks" became "assert(numtasks >= 0);".
  2. We used the same editor and the same indenting style.
  3. We had done much of our homework together in previous classes because we tended to take the same approach to solving problems.
  4. The assignment wasn't terribly complex to begin with, so the resulting code was only a few pages long.

We had a teacher who trusted us and we were both good students with good test grades, so it was dismissed as a humorous coincidence. I'm glad a human was willing to listen to our explanation and not just go along with the findings of an automated tester.

Re:new use of old trick (0)

Anonymous Coward | about 7 years ago | (#20355539)

I take it your code was flawless? Because identical mistakes are still the number one reason for getting busted and people who write flawless code can easily prove their innocence by answering a couple of questions about the implementation on the spot.

Re:new use of old trick (3, Interesting)

Just Some Guy (3352) | about 7 years ago | (#20355553)

I take it your code was flawless?

Of course! ;-)

people who write flawless code can easily prove their innocence by answering a couple of questions about the implementation on the spot.

I think there was a bit of that, too: (pointing at me) "why did you do this?" "Because of this requirement in the last paragraph." (Pointing at friend) "and why didn't you use this approach?" "That wouldn't have worked because of this part here."

Re:new use of old trick (2, Interesting)

fmobus (831767) | about 7 years ago | (#20356937)

In my university, this is the method most teachers will use when they suspect something. Ask each student something about the implementation, how it should be changed to achieve something slightly different. In some cases, when they allow you to form groups to solve the assignment, they will ask each student in the group about the implementation.

Sounds to me the best way to catch copiers and leechers.

Happened to me too (1)

cybersquid (24605) | about 7 years ago | (#20355867)

I believe you because this happened to me too.

In our case it was perhaps a little more understandable. The other student was a friend and we'd been collaborating on a project. We had adopted common naming conventions, etc.

Our code was virtually identical. I know it sounds unlikely but it does happen.

Re:new use of old trick (2, Interesting)

anothy (83176) | about 7 years ago | (#20356215)

just to demonstrate that this sort of overlap isn't just CS undergrads doing homework assignments, take a look at Ken Thompson's Turing award lecture [bell-labs.com], particularly this section:

In the ten years that [Dennis Ritchie and I] have worked together, I can recall only one case of miscoordination of work. On that occasion, I discovered that we both had written the same 20-line assembly language program. I compared the sources and was astounded to find that they matched character-for-character.
that would clearly fail this test, but it's simply the result of two guys working very closely together with similar styles for a very long time.

Re:new use of old trick (0)

Anonymous Coward | about 7 years ago | (#20355203)

Your students knew. And they did it the way they did, to render your tool output ("is 80% or more similar"), and hence your judgement based on the result of a piece of software about whether they cheated or not, useless.

Consider the student's culture, too! (0)

Anonymous Coward | about 7 years ago | (#20356179)

I used to be a teaching assistant at a university in Canada. The student body in most Comp. Sci. programs in most Canadian universities is quite diverse. There are students from all over the world, from all sorts of different cultures. Different cultures have different attitudes towards cheating on school work. I found this out first hand, when I TA'ed a first-year C++ course a number of years ago.

Out of a class of 150 students, we ran into about 33 cases of cheating on the first assignment. Due to the relatively simple nature of the programs at hand, comparing execution profiles or anything of that sort wouldn't have been feasible. Many of them would have been the same, even if developed completely independently. The cheating we did see was quite blatant. We're talking about three students handing in exactly the same code. Sometimes the original creator's name would accidentally get left in a comment somewhere!

But myself and the two other TAs for that course noticed a trend: out of those 33 cases of cheating, 30 involved students from India. I remember the exact numbers just because they were so stunning. One of the other TAs, who I knew from my undergrad days, was born and raised in BC. But his parents were from India, and he was proud of his Indian heritage. You wouldn't believe how disgusted and embarrassed he was with those students.

He talked to some relatives he knew about schooling in India. He was told that copying work from other students, even those in the same class, usually isn't considered inappropriate, even when the students are instructed to work individually. Of course, that's not how it works in North America. If you were a cheater, and you got caught, you got punished. The other TA, with the Indian heritage, saw to that.

About 75% of the students from India who got caught didn't like this policy of being held accountable. They caused a real ruckus by complaining to the administration. The other TA wasted many hours in meetings dealing with these complaints, rather than working on his thesis or performing research. But he prevailed in each and every case. The cheating was just that obvious.

So maybe a better indicator of whether cheating took place involves looking at the cultural background of the student in question. Those from places that don't take cheating seriously may, not surprisingly, be more inclined to cheat. Including this criteria into such cheat-detection programs may be quite worthwhile, based on the situation I witnessed.

Re:new use of old trick (1)

kasperd (592156) | about 7 years ago | (#20356675)

Whether that approach gives false positives depends on the size and complexity of the piece of code they had to write. As a teaching assistant I have seen assignments that looked even more like copying than what you described, but even in that case they were eventually accepted. One time the students had to add some functionality to an assembler. All groups were given the same code to start with and just had to add one clearly defined piece of functionality. There are really not many ways to do that, so having two assignments looking suspiciously similar might not trigger any red flags. But when they also had accidentally added some whitespace in a piece of the code that they didn't even have to change, it looked a lot more suspicious. In a later assignment, they were asked to change the scheduler in Linux 2.2 to give each user the same share of CPU time. All groups came up with different solutions, except from two, which were identical except from variable names and white spacing. And that was the same two groups that had handed in something suspiciously similar in an earlier assignment.

So basically (0)

iknowcss (937215) | about 7 years ago | (#20355089)

If your algorithm works, say, 95% like one in another GPL project, you're in for the legal ride of your life? I could see this maybe suggesting "this code here is a LOT like that code there. Maybe you should check it out." I mean, after all, how many possible implementations of doing something like, say, displaying a simple pie chart, could there possibly be?

Re:So basically (-1, Troll)

Anonymous Coward | about 7 years ago | (#20355143)

Dear dumbass,
No where in the fucking article does it say the tool will be run and then fire off an instant subpoena if a possible violation is found. What it will do, is allow people to follow-up on possible violations, i.e.: they'll review the fucking code.

Re:So basically (0)

mark-t (151149) | about 7 years ago | (#20355225)

AC wrote

Dear dumbass...

Yup... that's the ticket. Insult a person you disagree with. That's one of the best ways you could possibly prove your point.

What it will do, is allow people to follow-up on possible violations, i.e.: they'll review the ... code.

So what you're saying is that this method will create a ton of unnecessary work for people to do, as it raises "possible violation" false alarms, each needing to be checked out by hand?

Re:So basically (1)

TheRaven64 (641858) | about 7 years ago | (#20355447)

The use case for this is that you release a piece of code, and then find someone else releasing code that does something similar. You run this program on your code and theirs, and there are three likely outcomes:
  • They didn't copy your code, and the program tells you this.
  • They copied your code, and the program detects it.
  • They didn't copy your code, but they did implement it in such a similar way that the program thinks they did.
In the first case, you stop checking. In the second and third, you run additional tests and see if you can find more evidence of a common origin.

No, really (2, Informative)

Plunky (929104) | about 7 years ago | (#20355093)

let's just set the code free. let's not chase it down the street to make sure it stays free, just let it go as it will.

Re:No, really (2, Interesting)

Reziac (43301) | about 7 years ago | (#20355177)

That was akin to my first thought: If opensource code is really so superior to closed source code, and if the world would be better off if all apps had been built from those codebases, then shouldn't we *encourage* it to be "pirated", for everyone's net benefit??

Re:No, really (2, Insightful)

Anonymous Coward | about 7 years ago | (#20355349)

You can use the BSD license for your code if you unconditionally believe that "more copies of good code = better world". Heck, in many countries you can put code directly in the public domain. For those who think that authors of good (open) code need to be able to get an advantage in return for their generosity, so that they can keep being generous and produce more good code, there's the GPL, and that needs some level of enforcement.

Re:No, really (1)

mini me (132455) | about 7 years ago | (#20356437)

You seem to be missing the point of the GPL. The GPL exists to ensure that the end user always has the code available to make changes to the software as he or she sees fit. If the software is released under a BSD-style license, there is no guarantee that the source code will be available for the binary that you are using.

Re:No, really (0)

Anonymous Coward | about 7 years ago | (#20357207)

The GPL may have been devised for a different purpose, but it certainly has that "no unfair competition" effect. I think that many people choose it mainly for that effect, especially nowadays that users rarely modify or even just compile software themselves.

Re:No, really (2, Insightful)

Ian Alexander (997430) | about 7 years ago | (#20355353)

That was akin to my first thought: If opensource code is really so superior to closed source code, and if the world would be better off if all apps had been built from those codebases, then shouldn't we *encourage* it to be "pirated", for everyone's net benefit??

One of the strengths of open source is that improvements are shared. If one company just makes some improvements to an open source project and then redistributes it in a way that violates the terms of the license designed to keep it open, that only completely undermines that strength. Open source code isn't necessarily superior. It's the development model of open source.

Either way, it's a pretty shitty thing for a company to do. Just follow the damn license. It isn't hard.

Re:No, really (3, Insightful)

TheRaven64 (641858) | about 7 years ago | (#20355533)

For Open Source code, you are right. The Open Source movement believes in the superiority of the 'bazaar' development mode. If you try to create a closed fork then you are going to fall behind the open version, and have to spend a lot of time and effort merging changes from the main tree.

The Free Software movement, however, believes that code which protects the user's freedoms to use, modify and distribute it is intrinsically superior, and that people who wish to write code that does not respect these freedoms should not be aided by being able to use the work of those who do.

As such, an Open Source advocate would not mind, because the closed copy would quickly become inferior. A Free Software advocate would object, because their work would be being used for (in their view) unethical purposes (denying end users their freedoms).

Re:No, really (0)

Anonymous Coward | about 7 years ago | (#20355691)

an Open Source advocate would not mind, because the closed copy would quickly become inferior.

I wouldn't subscribe to that. In the time between making a closed fork and falling behind, the "author" of the proprietary fork reaps the benefits of other people's work, but does not provide the same kind of benefits back to them. That gives him an advantage that can be converted to money, which in turn can be used to buy better resources. The GPL does not only give freedom to the users of open source software, it also protects the authors from falling victim to this kind of imbalance.

Re:No, really (0)

Anonymous Coward | about 7 years ago | (#20355263)

Tag article "DRM"

Re:No, really (4, Insightful)

The Bungi (221687) | about 7 years ago | (#20355281)

That won't do. The GPL is really more of a social instrument than a software license, so for people like Stallman a BSD-style license (which is just one step above public domain and true freedom) would be unacceptable. A lot of bandwidth and keyboard lubricant has been spent over the years to ensure that everyone thinks the GPL is the "best" software license - and the thousands of developers that buy into the FSF "freedom, with caveats" spiel by using the GPL (because well, that's what everyone uses) without really understanding what it's for are part of that problem.

As you can imagine I really don't like the GPL or the FSF or Richard Stallman or any of his friends too much. While I recognize their contributions I think that they've fallen into the trap of trying to force everyone to convert to what has become a quasi-religion where the Inquisition is more important than celebrating mass.

Re:No, really (3, Funny)

Anonymous Coward | about 7 years ago | (#20355331)

keyboard lubricant

I've never heard it called that before.

Re:No, really (1)

jez9999 (618189) | about 7 years ago | (#20355451)

Making the code freer than the GPL lets eg. Microsoft's embrace, extend, extinguish a whole lot easier. Now they just have to copy/paste and slightly modify the code, compile it, and pass it off as theirs. Some of us don't like that.

Re:No, really (1)

The Bungi (221687) | about 7 years ago | (#20355545)

I consider BSD to be a superior server environment to Linux, and so far it's doing quite well.

No, really-DRMing the GPL. (0)

Anonymous Coward | about 7 years ago | (#20356391)

"Making the code freer than the GPL lets eg. Microsoft's embrace, extend, extinguish a whole lot easier."

So bits can be locked up. Boy does that destroy a lot of anti-copyright arguments.

"Now they just have to copy/paste and slightly modify the code, compile it, and pass it off as theirs."

Information wants to be free...of consequences.

Re:No, really (1)

DamonHD (794830) | about 7 years ago | (#20355455)

Yes, I too think that the GPL rates RMS' political agenda higher than my creative contribution, so I prefer BSD licensing.

It's not like RMS is paying me, so why should my work be used to support his aims above mine?

Rgds

Damon

Re:No, really (4, Insightful)

Daishiman (698845) | about 7 years ago | (#20355683)

You know, I'm absolutely tired of the BSD trolls that claim that the BSD license is "freer", not because I have a beef with the BSD, simply because your definition of "freedom" is ludicrous.

There are no absolute freedoms. Freedom to infringe on others' rights or freedoms gives more freedom to yourself, but limits it to other members of society. So long as there are things that cannot be owned or achieved communally without side effects to others, freedoms have a limit, that is the actions that you cannot do so that others can do them.

The GPL definition of freedom is that a software and derivatives must always, under all conditions, be free. Yes, it is a restriction to the developer who would wish to close up his source and use a GPLed piece of code, but it is an additional freedom to all the users who now have access to this source, which would have otherwise been denied.

Analogy time: the King is free to treat his peasants as dogs if he wished and if he has sufficient power to repress any opinions the peasants would have about that. The peasants, however, are limited by the freedoms the king has. Therefore the balance of freedoms for a more equal society would be that the king's freedoms be limited in order to allow the peasants to live their life.

So as you said, the GPL is also a social instrument, but it is no less free than the BSD; it simply distributes freedoms in a different matter. If you have a problem with that, use whichever license you wish to use. But don't go around accusing the GPL is limiting freedoms when it gives others freedoms that the BSD could never guarantee.

Re:No, really (3, Interesting)

The Bungi (221687) | about 7 years ago | (#20356189)

You know, I'm absolutely tired of the BSD trolls

If by that you mean "you have a different definition of what freedom is, therefore I don't like you" then sure, I'm a "BSD troll" or whatever.

your definition of "freedom" is ludicrous.

GPL -> Distribution restrictions.
BSD -> No restrictions.
No restrictions -> More freedom.
More freedom -> Possible unsavory side effects that people choose to live with

Isn't logic great?

The GPL definition of freedom is that a software and derivatives must always, under all conditions, be free.

BSD has a similar one, except that it doesn't place restrictions on how that happens. No one can make BSD-licensed software "non free", it will always be available to everyone. The only difference is that it might not benefit from coerced third party improvements, but that's what you sign up for.

it simply distributes freedoms in a different matter

The Kool-Aid is strong with this one.

But don't go around accusing the GPL is limiting freedoms when it gives others freedoms that the BSD could never guarantee.

BSD licenses guarantee absolutely nothing. Here's the code, do whatever the heck you want with it. The perceived benefits to using the GPL are nice, but please don't insult people's intelligence by claiming they result in more freedom. A restriction to ensure X or Y is still that - a restriction. The distribution restrictions on the GPL are designed to further Stallman's social causes (some of which I actually agree with). If you feel that's fine, then by all means use the GPL. That's your choice.

Re:No, really (1, Insightful)

Anonymous Coward | about 7 years ago | (#20356817)

No restrictions -> More freedom.

That doesn't follow in the real world, where we have other restrictions, i.e. copyright law. That allows people to take code and make it proprietary, which they otherwise couldn't. In an environment like that, it causes a net increase of freedom when there is an incentive to make code available under an open source license. Licensing software under the GPL provides that incentive by supplying functionality in return for making derivative works open source.

Re:No, really (3, Insightful)

Daishiman (698845) | about 7 years ago | (#20357013)

GPL -> Distribution restrictions. BSD -> No restrictions. No restrictions -> More freedom. More freedom -> Possible unsavory side effects that people choose to live with

GPL -> Code will always be open and derivatives will stay that way
BSD -> Code can be closed off and new improvements to it can remain closed off forever.
Always open code -> More freedom
Sometimes open code -> Permanent loss of freedom with regards to that code.
Indeed, logic is great.

BSD has a similar one, except that it doesn't place restrictions on how that happens. No one can make BSD-licensed software "non free", it will always be available to everyone. The only difference is that it might not benefit from coerced third party improvements, but that's what you sign up for.

I never said that you can't sign up for that if so you wish, but code is always used within contexts, and when used in the context of proprietary software, any improvements on the code will be lost, any bug fixes will be lost, any added functionality will be lost.

Sure, some people will build upon it, but losing the obligation of putting the improvements back into the codebase means that it will eventually stagnate, and that the improvements that could have been used for the good of everyone who contributed can be denied at will. Look at FreeBSD with OS X: Apple got the foundation of their OS for free, and after that they simply closed up the rest at will. Perhaps the Apple folks got to improve their memory management, or add some new DRM techniques. Whatever they've done, the FreeBSD devs will never get to see it.

If they don't mind as users and developers to see their work used to create a proprietary, vendor-locked platform then it's their prerogative; as a user and dev I prefer to make sure that my code is an established base of constant improvement. With the GPL they're empowered and free to do that; with BSD new parties are empowered to do whatever and completely ignore original creators aside from the required attributions.

Notice that I'm not saying the BSD license is more free; it is equally free, but shifting freedom to new developers and vendors to be, IMO, lazy bastards and profiting for nothing, while GPL shifts it to original developers, contributors and users to get reciprocal treatment from others. You're free to think that the former is more important; I believe the latter brings greater benefits to everyone in the long term.

BSD has a similar one, except that it doesn't place restrictions on how that happens. No one can make BSD-licensed software "non free", it will always be available to everyone. The only difference is that it might not benefit from coerced third party improvements, but that's what you sign up for.

No one is coercing anyone here. If you had read and understood the GPL, and it looks like you haven't, you'd know that the conditions apply only to those who want to redistribute software. If you want to keep your patches to yourself you can do that and it's your right, but if you're going to be using others' code to sell it or gain from it you have to abide by the creator's conditions. Going back to my point about freedom, perhaps as distributor you have less leeway regarding your changes, but your users have just gained the guarantee that they'll always be able to see and change the code. The BSD could not have done that.

BSD licenses guarantee absolutely nothing. Here's the code, do whatever the heck you want with it. The perceived benefits to using the GPL are nice, but please don't insult people's intelligence by claiming they result in more freedom. A restriction to ensure X or Y is still that - a restriction. The distribution restrictions on the GPL are designed to further Stallman's social causes (some of which I actually agree with). If you feel that's fine, then by all means use the GPL. That's your choice.

You hit the nail on the head. The BSD licenses do not guarantee that the freedoms you have with said code will be preserved. I don't know what ontological definitions you're using, but in my book, not guaranteeing freedoms == less free. Yes, a restriction is a restriction, but if a restriction guarantees certain freedoms then you have the perpetuity of a freedom that was previously not there. Analogously, I don't think you could argue that making murder illegal makes a society less free because it places a restriction on us to arbitrarily kill others.

I recommend that you read "Theory of Justice" by Rawls or anything by Cornelius Castoriadis on the subject. They're both distinguished philosophers who explain the ontology on the concept of freedom much better than what I could do in a /. post.

Re:No, really (1)

vranash (594439) | about 7 years ago | (#20357179)

This...
My Land...
You Land...

Copyrighted, so it's not our 'land' :)

Re:No, really (2, Insightful)

Kjella (173770) | about 7 years ago | (#20355697)

Oh I think everybody understands it just fine because it's basically "Modify it any way you want. If you distribute it, source code goes with it". Ok so it's not free as in public domain, but who really has a problem with the GPL? Only those that want to take source code and not distribute source code. Which is fine, I'd love it if someone did my work so I could download it off the Internet too. I just don't see why anyone should bother to listen to them, no matter how many strawmen are being used about "real" freedom. The freedoms you don't get are the difference between free software and free labor.

FSF and Stallman have endorsed permissive licenses (2, Informative)

tepples (727027) | about 7 years ago | (#20355821)

The GPL is really more of a social instrument than a software license, so for people like Stallman a BSD-style license (which is just one step above public domain and true freedom) would be unacceptable.
Not so fast. The GPL FAQ [gnu.org] states that there exist situations where a permissive license is appropriate, in particular short programs [gnu.org] and web site templates [gnu.org]. Mr. Stallman has also endorsed the use of a permissive license for a library designed as the reference implementation of a Free file format that replaces patented file formats [xiph.org].

Re:No, really (1)

Locklin (1074657) | about 7 years ago | (#20356061)

There is a major pragmatic purpose to the GPL for the developer. Any new developments by any party are conveyed back to the original author. That's why people like Linus love to use it.

People that complain about the GPL are almost always parties interested in taking working code from the original author, and using/improving on it, without giving anything back. Why should we care if you want to freeload on someone else's work?

Re:No, really (1)

irc.goatse.cx troll (593289) | about 7 years ago | (#20357113)

People that complain about the GPL are almost always parties interested in taking working code from the original author, and using/improving on it, without giving anything back. Why should we care if you want to freeload on someone else's work?


Admittedly they're usually not as vocal, but there's plenty of people who prefer the BSD idea of freedom-- Otherwise there would be no BSD licensed code.

I don't dislike the GPL, but it definitely complicates things. A lot of times when working on something I just want to work on the part that is new or innovative, and use some pre-existing software as a 'base assumption'. I.E if I want to write some special backup software, I want to work on the logic of backing up, working off the assumption that I have a working FTP server on the other end rather than having to write one from scratch. Things like the loosely worded "linking clause" makes this really hard to do with GPL'd middleware (libraries, parsers, example code).

Not everyone that complains about GPL'd software just wants to rename gaim and sell it for $20. Some of us just don't want to reinvent the wheel every time we work on something new, but can't always afford to GPL everything that had some interaction with the GPL'd base.

Re:No, really (2, Insightful)

DaleGlass (1068434) | about 7 years ago | (#20356915)

The GPL vs BSD "freedom" argument is really boring semantics. Whether the GPL is freedom, slavery, communism or whatever else you want to call it is irrelevant to me: It does precisely what I want, which is why I use it.

The Bungi is the problem. (0, Troll)

twitter (104583) | about 7 years ago | (#20357063)

As you can imagine I really don't like the GPL or the FSF or Richard Stallman or any of his friends too much. While I recognize their contributions I think that they've fallen into the trap of trying to force everyone to convert to what has become a quasi-religion [it goes on without getting better]

I don't have to imagine your hatred because you constantly display it. What would a Windoze user like you know about freedom [slashdot.org] ? Why should anyone listen to what you have to say about free software licenses?

Re:No, really (1)

fsmunoz (267297) | about 7 years ago | (#20357241)

The GPL is really more of a social instrument than a software license

I agree with you here.

so for people like Stallman a BSD-style license (which is just one step above public domain and true freedom) would be unacceptable.

Here I disagree: it's not unacceptable at all, only less preferred. It's a free license, but lacks the "social instrument" provisions that you mentioned, but it *is* a free license nonetheless. From the FSF licences page [fsf.org] :

If you are contemplating writing a new license, please contact the FSF by writing to . The proliferation of different free software licenses means increased work for users in understanding the licenses; we may be able to help you find an existing free software license that meets your needs. We try to list the most commonly encountered free software license on this page, but cannot list them all; we'll try our best to answer questions about free software licenses whether or not they are listed here.

Modified BSD license

This is the original BSD license, modified by removal of the advertising clause. It is a simple, permissive non-copyleft free software license, compatible with the GNU GPL.
If you want a simple, permissive non-copyleft free software license, the modified BSD license is a reasonable choice. However, it is risky to recommend use of "the BSD license", because confusion could easily occur and lead to use of the flawed original BSD license. To avoid this risk, you can suggest the X11 license instead. The X11 license and the revised BSD license are more or less equivalent.
This license is sometimes referred to as the 3-clause BSD license.


From the What is Free Software page [gnu.org] :

In the GNU project, we use copyleft to protect these freedoms legally for everyone. But non-copylefted free software also exists. We believe there are important reasons why it is better to use copyleft, but if your program is non-copylefted free software, we can still use it.


... and from the page concerning the BSD advertising clause problem [gnu.org] :

We recommend copyleft, because it protects freedom for all users, but non-copylefted software can still be free software, and useful to the free software community.


Of course, the FSF prefers and recommends the GPL: it's their license, made with a specific purpose. But I just don't see the confrontational tone that would make the BSD/X11/ISC-type licenses "unacceptable".

As for the rest, you are of course more than free to like or dislike RMS, the FSF or the GPL, I'm not trying to change that.

Re:No, really (0)

Anonymous Coward | about 7 years ago | (#20355471)

The GPLs have always been weird. They appeal mostly to commies with beards who think profit is evil as evil can be and like to hold hands and sing sillily. You want open and free? Use BSD.

Re:No, really (1)

jack455 (748443) | about 7 years ago | (#20356223)

GPL encourages competition. I like BSD but think it's closer to communism than GPL. Maybe I don't even mean that, but BSD folks that say GPL is communistic are really, really stupid. (ie:you)

Re:No, really (2, Insightful)

marcello_dl (667940) | about 7 years ago | (#20355511)

The code doesn't need freedom. People need freedom. Let the bad guys incorporate GPLed stuff and they are likely to become an issue because they'll enhance it and defend it as it were all their own, against similar enhancements done to the GPLed branch.

Besides, if I were to buy software from a company I'd like to know if it's stuff they designed and know line by line or if they just rebranded things I could obtain for free elsewhere.

I say, if you can expose them, do it.

Re:No, really (0)

Anonymous Coward | about 7 years ago | (#20355565)

And so starts the BSD thread.

Emacs tax (1, Funny)

Anonymous Coward | about 7 years ago | (#20355095)

Did you know? All modern PCs ship with a special Symbolics Lisp co-processor to support the Emacs text editor. Vi users often refer to this $79 chip as the "Emacs Tax".

Re:Emacs tax (0)

Anonymous Coward | about 7 years ago | (#20355211)

A fine for choosing vi over emacs sounds reasonable.

Re:Emacs tax (1)

zeromorph (1009305) | about 7 years ago | (#20355245)

Congratulations, in something that is going to be a GPL vs. BSD flamewar you are starting a vi vs. Emacs flamewar.

I'm really touched.

Re:Emacs tax (1)

hawk (1151) | about 7 years ago | (#20356549)

I, for one, welcome our new vi/bsd overlords, who will defend us from the beowolf of soviet russian gpl/high-church-of-emacs heretics . . .

hawk

Silly Troll (0)

Anonymous Coward | about 7 years ago | (#20355413)

the Emacs text editor

Emacs isn't a text editor, it's a dated lisp runtime. Viper is its editor.

Re:Emacs tax (1)

jack455 (748443) | about 7 years ago | (#20356297)

vi was great until I managed to install wine. Now I can use notepad.exe

plug-in a mouse already

Re:Emacs tax (1)

Epistax (544591) | about 7 years ago | (#20356355)

psssst.... you can use a mouse with vi..

Re:Emacs tax (1)

jack455 (748443) | about 7 years ago | (#20356557)

vi? or vim?

(If I have to edit a text file for some reason when no x server is running, I start one and kwrite or gedit, save, and log back out. That's efficient! Otherwise I actually have one of those O'Reilly pocket books on vi if I really have to use it)

A couple of things.... (3, Interesting)

mark-t (151149) | about 7 years ago | (#20355117)

What is the false positive rate for this method? What if two programs just happen to do the same thing and the authors happened to choose similar ways to do it. Would this method conclude that one originated with the other? It's not a copyright violation because neither is a derivative work of the other.

Also, it occurs to me that this method would probably not be as useful as expected for detecting GPL violations. I would think it would only be effective for checking where you have source code available, or at the very least enough symbol table information to make comparisons, which you are not likely to have if somebody is violating the GPL because that implies no source code anyways (and almost certainly no symbol table information for the binary).

Re:A couple of things.... (1)

IamTheRealMike (537420) | about 7 years ago | (#20355243)

More to the point what is the false negative rate? There is tons of really useful code out there that doesn't make any system or library calls at all. It just takes data, processes it in some way, and hands back the results. That description could apply to something like an image decoder library like libpng to a fully blown 3D graphics engine.

Re:A couple of things.... (3, Insightful)

arth1 (260657) | about 7 years ago | (#20355359)

My guess is that it would work much better for java and possibly C++ than more concise languages which don't have tonnes of implicit calls and inheritances. And even with OO languages like java, I'd think that simply adding a try in the middle would change the fingerprint quite a bit.
Also worth considering is what a compiler optimiser might do -- they can be quite good at rearranging code different ways depending on whether optimising for speed or code size, and what the target is. That's probably another reason why this might work better with java, which only has rather rudimentary jit optimiser.

If this tool can help identify some infringing code, that's well and good, but I wouldn't rely on it, wouldn't think it would add much if any legal weight, and neither would I think it could replace a thousand eyes.

Anyhow, the real problem, as I see it, with identifying open source code pilfered and added to a closed source project is that you generally aren't allowed to reverse engineer the code itself to see what it actually does. So even if you're Very Damn Sure that a piece of commercial software illegally uses open source and sells it as its own closed source, you're not allowed to investigate and come up with evidence. You'll have to file a suit and get a judge to order the code examined, and with only a good hunch to go on, and no way to document a financial loss, and probably not having too deep pockets yourself, that's rather unlikely to go anywhere.
Which is why I think it's important that we support institutions like FSF, which can occasionally fight the battle on behalf of the little guy.

Regards,
--
*Art

Re:A couple of things.... (1)

mark-t (151149) | about 7 years ago | (#20355661)

Anyhow, the real problem, as I see it, with identifying open source code pilfered and added to a closed source project is that you generally aren't allowed to reverse engineer the code itself to see what it actually does.
The number of cases where this is actually enforceable is far outweighed by the number of cases where it isn't. Reverse engineering by itself isn't illegal anyways... so evidence of copyright infringement acquired by reverse engineering wouldn't be inadmissible.

Re:A couple of things.... (2, Informative)

TheRaven64 (641858) | about 7 years ago | (#20355667)

There is tons of really useful code out there that doesn't make any system or library calls at all. It just takes data, processes it in some way, and hands back the results
Are you sure? You know that read and write are system calls? And that printf, sqrt, exp, etc are all library functions? Even trivial code makes a lot of system calls. A hello world program, in C, on Linux, makes 27 system calls (number from strace).

Re:A couple of things.... (0)

Anonymous Coward | about 7 years ago | (#20356805)

My hello, world app made two.

(remember, systrace always counts one too high, the exec() call at the very top is from systrace itself).

Horray! (1)

kc2keo (694222) | about 7 years ago | (#20355257)

+10 points for FOSS :-D

Re:A couple of things.... (1)

wizardforce (1005805) | about 7 years ago | (#20355323)

Probable cause? If two programs execute in virtually identical ways there is a reason to investigate. It doesn't catch them all but it is better than nothing.

Clean room could replicate signature. (3, Insightful)

Ungrounded Lightning (62228) | about 7 years ago | (#20355123)

An identical library call signature for a nontrivial part of the execution could be produced by a clean-room analysis or even independent development of an equivalent component. Neither of these is a GPL violation.

This is not to say that the technique wouldn't be useful for hunting down GPL violations. But a positive is not definitive by itself.

Meanwhile code obfuscation (even automatically generated obfuscation) could easily modify at least the timing, if not the order, of such calls.

Nevertheless this is a powerful tool: A hunk of GPL code that hasn't had its flow obfuscated systematically (even code that HAS been obfuscated but not systematically) will have large swaths of code that trips the detector. And it doesn't require reverse engineering until after the alarm goes off.

Good job, guys.
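As an added illustration of the points raised in the comment above (not code from the paper or from any commenter): a call-trace comparison by k-gram containment. The similarity measure, the window size k=3, the `project` option and every trace are assumptions constructed for this example; the paper's own birthmark definition is not reproduced here.

```python
"""Added illustration: comparing API-call traces by k-gram containment.
All traces below are constructed sample data, not output of a real tool."""


def kgrams(trace, k):
    """Set of all contiguous length-k call windows in a trace."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}


def containment(reference, suspect, k=3, project=False):
    """Fraction of the reference's k-grams that also occur in the suspect.

    project=True first drops suspect calls the reference never makes, so
    unrelated calls interleaved into copied code no longer break windows.
    """
    if project:
        vocab = set(reference)
        suspect = [call for call in suspect if call in vocab]
    ref = kgrams(reference, k)
    if not ref:
        raise ValueError("reference trace is shorter than k")
    return len(ref & kgrams(suspect, k)) / len(ref)


# Constructed trace of a hypothetical library reading a compressed file.
REFERENCE = [
    "File.<init>", "FileInputStream.<init>", "BufferedInputStream.<init>",
    "InputStream.read", "Inflater.<init>", "Inflater.setInput",
    "Inflater.inflate", "CRC32.update", "CRC32.getValue",
    "InputStream.close",
]

# The library embedded in a larger program, one stray call in the middle.
EMBEDDED = (["Logger.info", "Socket.<init>"] + REFERENCE[:5]
            + ["Logger.fine"] + REFERENCE[5:] + ["Socket.close"])

# Unrelated program doing similar work through different calls.
INDEPENDENT = [
    "File.<init>", "RandomAccessFile.<init>", "RandomAccessFile.read",
    "Inflater.<init>", "Inflater.setInput", "Adler32.update",
    "Inflater.inflate", "Adler32.getValue", "RandomAccessFile.close",
]

# Independent reimplementation that happens to make the same calls.
CLEAN_ROOM = ["Logger.info"] + REFERENCE

# Every library call followed by an unrelated call.
INTERLEAVED = [c for call in REFERENCE for c in (call, "System.nanoTime")]


def scores(k=3):
    """(plain, projected) containment of REFERENCE in each sample trace."""
    suspects = {
        "embedded": EMBEDDED,
        "independent": INDEPENDENT,
        "clean_room": CLEAN_ROOM,
        "interleaved": INTERLEAVED,
    }
    return {
        name: (containment(REFERENCE, trace, k),
               containment(REFERENCE, trace, k, project=True))
        for name, trace in suspects.items()
    }


if __name__ == "__main__":
    for name, (plain, projected) in scores().items():
        print(f"{name:12s} plain={plain:.3f} projected={projected:.3f}")
```

The clean-room trace scores as high as the embedded copy, which is why a high score is a reason to look closer rather than proof of copying. The independent trace rising from 0.0 to 0.125 under projection shows the false-positive cost of tolerating interleaved calls.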

Re:Clean room could replicate signature. (1)

Ungrounded Lightning (62228) | about 7 years ago | (#20355303)

Meanwhile code obfuscation (even automatically generated obfuscation) could easily modify at least the timing, if not the order, of such calls.

(Yes I know that the article says it can't. But that refers to the usual sort, which is directed at hiding the similarity from someone reading the source. I'm talking about obfuscation directed at tools reading the routine-call signature.)

Re:Clean room could replicate signature. (1)

adrianmonk (890071) | about 7 years ago | (#20357175)

This is not to say that the technique wouldn't be useful for hunting down GPL violations. But a positive is not definitive by itself.

Indeed. The title of this slashdot article would be pretty much dead on if the words "and Prove" were taken out of "New Method to Detect and Prove GPL Violations".

Coming soon... (5, Funny)

koh (124962) | about 7 years ago | (#20355127)

GGA! The GNU Genuine Advantage program!

Re:Coming soon... (1)

tehBoris (1120961) | about 7 years ago | (#20356617)

GGA! The GNU Genuine Advantage program!
GGA Genuine Advantage, you mean.

Sweet Mother of All Revolutions (4, Funny)

fishthegeek (943099) | about 7 years ago | (#20355239)

Pitchfork? ... Check
Torch? ... Check
Map of Corporate Castle locations? ... Check
FSF Lawyers programmed to be speed dialed in emergencies? ... Check
Desire to burn the non-believers? ... Check

Okay, I'm ready! What IRC Channel are we meeting in?

Other languages (4, Interesting)

Mike McTernan (260224) | about 7 years ago | (#20355309)

I looked through the paper, and it is cool stuff. But I couldn't see where it supposed the system would work well for other languages, and I wonder if it really would be so good.

Java has a very large standard library that is always dynamically linked, and hence can easily be instrumented as the technique requires. C allows static linking which would make such hooking much more difficult. Additionally Java executes in a very standard environment due to the Virtual Machine, whereas other languages may have varying ABIs, type sizes and other properties that could add significant noise to the birthmark.

That said, system calls are always hookable and reasonably standard, so maybe this technique could be applied successfully there for malware detection or similar?

Heh.. (1)

mikkelm (1000451) | about 7 years ago | (#20355429)

When people go to these lengths to prove misuse of commercial licenses, they're called fascists. When it's done to prove misuse of free licenses, it's OK.

I see the community is still working as it always has.

Re:Heh.. (1)

sepluv (641107) | about 7 years ago | (#20355505)

It may be news to you but non-commercial licenses are AFAIK universally considered non-free (whereas you seem to imply the two are mutually exclusive). And when has anyone ever had any problem with people going to lengths (whatever that means) to prove license violations?

I've certainly never heard anyone complaining about people coming up with evidence of violations. In fact, what I've come across a lot of is the opposite: asking people who are making vague libelous accusations about someone "stealing" their "IP" (e.g.: The SCO Group) to provide some proof.

(BTW, I know you are probably trolling but I'm bored.)

Heh..It's mime time. (0)

Anonymous Coward | about 7 years ago | (#20356503)

"And when has anyone ever had any problem with people going to lengths (whatever that means) to prove license violations?"

Oh Lord! Two bits of proof right under your nose and you still miss it.

Re:Heh.. (0)

Anonymous Coward | about 7 years ago | (#20355523)

When people go to these lengths to prove misuse of commercial licenses, they're called fascists.
Link please.

Re:Heh.. (1, Interesting)

Anonymous Coward | about 7 years ago | (#20355601)

Exactly. How many anti-RIAA stories are posted on /. because they are trying to detect and sue people for copyright violation. But when it's your property that's being stolen, it's good to detect violators and threaten lawsuits.

YUOb FAIL IT (-1, Offtopic)

Anonymous Coward | about 7 years ago | (#20355459)

over A quality [goat.cx]

Very Cool (2, Insightful)

maz2331 (1104901) | about 7 years ago | (#20355531)

This is very cool and potentially useful. By itself, it wouldn't be enough to force compliance or win a violation suit, but it could well be enough to meet the threshold for filing a suit and forcing source code analysis in discovery. Really, it is a great tool to have to ensure that open source license terms are respected by removing the "code anonymity" inherent in a binary.

Re:Very Cool (0)

Anonymous Coward | about 7 years ago | (#20355983)

So when the RIAA does this sort of thing, is it very cool as well?

Back to the same old problem (1)

kihbord (724079) | about 7 years ago | (#20355591)

It's the same old problem of protecting software. Big companies like M$ have spent billions of dollars trying to control unauthorized use of software. The problem is the same although we are now protecting source code instead of executable code. Does it mean that we are treading the same path and people (developers) will need to spend so much effort and money to protect their rights?

Just great (1, Troll)

Master of Transhuman (597628) | about 7 years ago | (#20355607)

Instead of coding open source projects, now we're coding projects to detect license violations.

Next, the Open Source Business Software Alliance and raids by the Secret Service...

When is the last time we read anything about open source that wasn't about licensing?

When did it stop being about the code and the value?

Re:Just great (1)

sepluv (641107) | about 7 years ago | (#20355717)

Instead of coding open source projects, now we're coding projects to detect license violations.
Well one person has as part of some academic research. You see, the beauty of FLOSS development is everyone can code what they enjoy coding, and that you don't have to help anyone but can instead do something you prefer.

I won't even bother addressing your incoherent comment about the Secret Service, but would be interested in what you are smoking.

When is the last time we read anything about open source that wasn't about licensing?
In around 95% of stories about it. For instance the last FLOSS story on here was about a new release of WINE and the one before that about possible moral issues in working with Iranians on a UAV project. You see, the beauty of /. is that when you see licensing in the title of a story, you don't have to comment on the story about how boring licensing is but can instead read or comment on something you are interested in.

Hmm. (0)

Anonymous Coward | about 7 years ago | (#20355623)

That's great and everything, but could someone please explain how violating the GPL is "code theft"? I thought we reached a consensus that copyright violation is not stealing. Maybe they are trying to take credit for other people's work, but even that is not theft.

Wow...how sad. (1)

sigzero (914876) | about 7 years ago | (#20355771)

What a sad state of "freedom". I can't wait for the hunter-killers to be released.

Wine? (1)

buckhead_buddy (186384) | about 7 years ago | (#20355829)

How well does it work with the Wine versus Windows comparison?

It's not theft (1)

jesterzog (189797) | about 7 years ago | (#20355921)

a new method to detect code theft

I realise this is going off on a tangent, but I'm concerned about the use of the word theft. Usually I'm one of the first people to jump up and down when I hear the RIAA or MPAA accuse people of stealing, and I've noticed that quite a few other people on Slashdot do the same. I think it's mis-representative of the paper to represent copyright infringement as anything other than exactly what it is, which is copyright infringement.

Language is what it is, and it changes over time, but I'd be really disappointed if this one was let to slip, because rather than the language changing because it's more convenient or better, it's changing because a group of powerful corporations want to confuse the issue for their own control and commercial benefit.

Re:It's not theft (1)

jack455 (748443) | about 7 years ago | (#20356467)

Stealing something out of the public domain, for instance, is possible. I think Disney's managed it a couple of times.

I'm against putting copyrighted music and movies on bittorrent or p2p, but it's not stealing. I think the consensus is that if just as many people have it after you "stole" it as before, then "stealing" is the wrong term. In this case if Walmart takes oss code, locks it down and releases it and patents it, that could be stealing. If not code theft, then rights theft.

Interesting question though. Probably a lot to think about.

Read comments and think MS patent claims on linux. (1)

3seas (184403) | about 7 years ago | (#20356007)

False positives....

The story is presented with a stage light focused on linux but then the house lights come up and show linux in jail along with most of the audience.

This is just one paper for one Automated Software Engineering (ASE) conference.

But if you really want to ensure software becomes genuinely free, then the level of automated software development will have to become easy enough for the typical user to apply it. Much like most anyone knows how to use a calculator and uses it as they need.

There is currently some effort being applied in the ASE overall focus that will become unimportant and not used once such a user level is reached, not to mention the changes on hardware that enables users to take their system with them on a key chain. Though there will be servers, the majority of use of such automated software creation at such a level will be at the users level, be they a system developer or a casual end user.

And like a calculator calculations sequence...uh err... finger print.... this finger printing becomes pointless.
as it will be found to be something of a reflection of the underlying knowledge system, and not so unique of the users.

To get to the basics of automation and realize the commonality of it is to then know the GPL advantage is NOT having "its mine and you cannot use, overhead and land mines"

For some automation basics - http://threeseas.net/abstraction_physics.html [threeseas.net]

Linus is right (0)

Anonymous Coward | about 7 years ago | (#20356239)

I am with Linus on this one. For the life of me I can't understand what this sucking up to RMS is about. Linus himself does not think GPLv3 is a good thing. So why do people keep adopting it.
Without Linus FOSS is tossed. Not following Linus is dangerous for the survival of FOSS.

Re:Linus is right (1)

jack455 (748443) | about 7 years ago | (#20356591)

??

Linux is still GPL'ed as far as I know. If Linus doesn't want to enforce the GPL (Linux Foundation really) then he (they) could release it under a BSD license.

And I read what he says on GPLv3 as not good enough to switch to or not worth switching to without good reason. He hasn't been super consistent with his statements though.

Fancy That, GNU does DRM (1)

tjstork (137384) | about 7 years ago | (#20356427)

Well now, irony of ironies.. in order to protect the GPL, the GPL needs to have Digital Rights Management... fancy that.

So, does this mean that the next release of the GPL will be, "well, we have to subject everyone to our DRM so that everyone can be free..."

I see this pig suddenly standing up and carrying a whip, in the name of all the other animals on the farm being equal.

"a new method to detect code theft " (1)

noidentity (188756) | about 7 years ago | (#20356575)

Code theft is trivial to detect: just see if your code is missing. Please, can't even Slashdot get the terms consistently correct? This is not about theft at all; it's about a tool that helps find copyright infringement.

reinventing the wheel (1)

m2943 (1140797) | about 7 years ago | (#20356633)

The technique is quite old and usually used for detecting malware. Their particular implementation is also pretty primitive.

Take a look at this website (0, Offtopic)

Wolfman100 (1142345) | about 7 years ago | (#20357167)

WWW.ITKONG.COM Dear IT Jobseeker, Freelancer, Coder, Employer, Networking and hobbyist; ITkong.com offers IT professionals of all scopes the opportunity to find jobs by location, skill, job title and company. Directly from our large database Updated every 24 hours! Find the best IT jobs, freelance opportunities and social network in the industry! Are you an experienced IT professional? ITkong.com has hundreds of IT jobs for you, posted by the top employers and recruiters. We are a precisely targeted and superior technology job board, offering unsurpassed resources to get you access directly to employers and recruiters searching for you. On ITkong.com you can access, search, and apply for that better opportunity. Thanks to our exclusive focus on Information Technology, we can give you access to one of the better collection of IT jobs on the Internet. The top hiring companies use ITkong.com to reach qualified individuals and you can also search our database for IT jobs to get exactly what you want - search by keyword, location, skills, travel, telecommuting options, and more. Show you skills and level of expertise to the world! Take your search for IT jobs or freelance opportunities to the next level by creating your ITkong.com Developer Profile. Remember, some of the best IT opportunities jobs aren't posted, so be sure to make your profile and skills searchable by ITkong.com hiring companies, recruiters and other IT professionals in need of immediate solutions. Test it yourself, its clean, lean and simple! Test it for yourself, no registration fees, just a short login, and start searching for the unique IT professional or position you require for the job. We wish you luck in your search. Please feel free to email us your questions, remarks or suggestions on any matter. Sincerely, Team ITkong www.itkong.com